Menu
I have a .txt file that contains lines with different file paths. I want to simple exclude lines containing certain file paths. The problem is that I don't get around the regex format that is used with the common tools.
sudo cat serv_list.txt | awk '!/C:\\Windows\\system32/' > serv2.txt
sudo cat serv_list.txt | awk '!/"C:\\Windows\\system32"/' > serv2.txt
or
sudo cat serv_list.txt | grep -a -v "C:\Windows\system32\"
I also tried to escape the slashes, but it hasn't worked.
The file looks something like this:
Name PathName ProcessId StartMode
Dhcp C:\Windows\system32\svchost... 784 Auto
ehRecvr C:\Windows\ehome\ehRecvr.exe 543 Auto
defragsvc C:\Windows\system32\svchos... 456 Manual
Audiosrv C:\Windows\System32\svchost.e.. 123 Manual
...
The output should be:
Name PathName ProcessId StartMode
ehRecvr C:\Windows\ehome\ehRecvr.exe 543 Auto
...
Can someone please help me on how I have to modify the awk or grep expression to exclude all lines containing the system32 directory path.
Thank you :)
File Extract from Command Line:
File Extract from Editor:
Last lines of output:
cat -v serv_list2.txt
FALSE Windows Update Normal 0 wuauserv C:\Windows\system32\svchost.exe -k netsvcs 856 0 Share Process TRUE Auto LocalSystem Running OK Win32_ComputerSystem ELS-PC 0 0
FALSE FALSE Windows Driver Foundation - User-mode Driver Framework 0 Win32_Service Manages user-mode driver host processes. FALSE Windows Driver Foundation - User-mode Driver Framework Normal 1077 wudfsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted 0 0 Share Process FALSE Manual LocalSystem Stopped OK Win32_ComputerSystem ELS-PC 0 0
FALSE FALSE WWAN AutoConfig 0 Win32_Service This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. FALSE WWAN AutoConfig Normal 1077 WwanSvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork 0 0 Share Process FALSE Manual NT Authority\LocalService Stopped OK Win32_ComputerSystem ELS-PC 0 0
kali@kali:~$
Output extract from
kali@kali:~$ awk -v IGNORECASE=1 '
{
gsub(/\r/,"")
}
FNR==1{
print
next
}
($2!~/C:\\Windows\\system32\\/)
' serv_list2.txt
FALSE WLAN AutoConfig Normal 1077 Wlansvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted 0 0 Share Process FALSE Manual LocalSystem Stopped OK Win32_ComputerSystem ELS-PC 0 0
FALSE TRUE WMI Performance Adapter 0 Win32_Service Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. FALSE WMI Performance Adapter Normal 0 wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 1436 0 Own Process TRUE Manual localSystem Running OK Win32_ComputerSystem ELS-PC 0 0
FALSE FALSE Windows Media Player Network Sharing Service 0 Win32_Service Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play FALSE Windows Media Player Network Sharing Service Normal 1077 WMPNetworkSvc "C:\Program Files\Windows Media Player\wmpnetwk.exe" 0 0 Own Process FALSE Manual NT AUTHORITY\NetworkService Stopped OK Win32_ComputerSystem ELS-PC 0 0
FALSE FALSE Parental Controls 0 Win32_Service This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only. FALSE Parental Controls Normal 1077 WPCSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted 0 0 Share Process FALSE Manual NT Authority\LocalService Stopped OK Win32_ComputerSystem ELS-PC 0 0
FALSE FALSE Portable Device Enumerator Service 0 Win32_Service Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. FALSE Portable Device Enumerator Service Normal 0 WPDBusEnum C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted 0 0 Share Process FALSE Manual LocalSystem Stopped OK Win32_ComputerSystem ELS-PC 0 0
FALSE TRUE Security Center 0 Win32_Service The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. FALSE Security Center Normal 0 wscsvc C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted 784 0 Share Process TRUE Auto NT AUTHORITY\LocalService Running OK Win32_ComputerSystem ELS-PC 0 0
FALSE TRUE Windows Search 0 Win32_Service Provides content indexing, property caching, and search results for files, e-mail, and other content. FALSE Windows Search Normal 0 WSearch C:\Windows\system32\SearchIndexer.exe /Embedding 2324 0 Own Process TRUE Auto LocalSystem Running OK Win32_ComputerSystem ELS-PC 0 0
FALSE TRUE Windows Update 0 Win32_Service Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. FALSE Windows Update Normal 0 wuauserv C:\Windows\system32\svchost.exe -k netsvcs 856 0 Share Process TRUE Auto LocalSystem Running OK Win32_ComputerSystem ELS-PC 0 0
FALSE FALSE Windows Driver Foundation - User-mode Driver Framework 0 Win32_Service Manages user-mode driver host processes. FALSE Windows Driver Foundation - User-mode Driver Framework Normal 1077 wudfsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted 0 0 Share Process FALSE Manual LocalSystem Stopped OK Win32_ComputerSystem ELS-PC 0 0
FALSE FALSE WWAN AutoConfig 0 Win32_Service This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. FALSE WWAN AutoConfig Normal 1077 WwanSvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork 0 0 Share Process FALSE Manual NT Authority\LocalService Stopped OK Win32_ComputerSystem ELS-PC 0 0
kali@kali:~$
450
asked Mar 21 '26 18:03
Could you please try following, written and tested with shown samples in GNU awk.
awk '!/[cC]:\\[wW][iI][nN][dD][[oO][wW][sS]\\[sS][yY][sS][tT][eE][mM]32/' Input_file
OR
awk 'tolower($0) !~ /c:\\windows\\system32/' Input_file
Looks like OP's system doesn't have IGNORECASE option so going with above approach where matching small and capita letter both cases for matching.
Didn't know that it would end up here, since OP's samples were keep changing. Or use grep's ignore option too here.
98
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
